cyberattack

Latest

  • US nuclear regulator hit by two foreign cyberattacks in three years

    by Jon Fingas
    08.18.2014

    It's no secret that the White House is eager to protect the energy grid against cyberattacks, but it's now clear that the government is speaking from bitter, first-hand experience. Nextgov has confirmed that foreign hacker groups broke into the Nuclear Regulatory Commission's systems twice within the past three years, compromising PCs and accounts by tricking users into installing malware. A third, individually-launched attack also happened during the same time frame. While investigators couldn't determine the origins due to internet providers deleting their logs, the targets suggest that the attacks were government-backed -- the NRC knows the contents and health of reactors across the US. That logically draws suspicion toward China or Russia, although these could have simply been black market operators hoping to sell to the highest bidder.

  • Hacker-turned-FBI informant may have orchestrated foreign cyberattacks

    by Timothy J. Seppala
    04.24.2014

    The hacker subplot in House of Cards' second season might have felt out of place, but from the sounds of a recent New York Times report, Frank Underwood's methods for putting captured hackers to work might not be too far-fetched. After being busted by the FBI, top LulzSec hacker Sabu may have conscripted at least one former accomplice to carry out a string of cyber-attacks against foreign banks and government websites, according to interviews and documents obtained by the Times. Sabu's seemingly indirect involvement suggests that he may have acted as a federal informant, helping to exploit the likes of the Heartbleed security flaw for state-sponsored cyber-terrorism. For the full report, be sure to head over to the source link. [Image credit: Idhren/Flickr]

  • NSA Director nominee wants every branch of the military to have a dedicated cyber attack force

    by Sean Buckley
    03.12.2014

    It seems like President Obama was pretty serious about that cyber attack list he drew up last year -- his nominee candidate for NSA Director, Admiral Michael Rogers, just told the Senate that the military is building several new cyber combat units. Rogers, who is slated to both take over at the NSA and head the United States Cyber Command, spent several hours answering to the Senate Armed Services Committee this week, explaining his views on national security and his desire to be "as transparent as possible with the broader nation about what we're doing, and why." This included a detailed account of the need to create dedicated cyber attack divisions to supplement traditional ground, naval and air forces, which he says will help act as a deterrent to countries that see the United States as an easy target. "Clearly, Cyber will be an element of almost any crisis we're going to see in the future," he told the Senate. "It increasingly is becoming a norm."

  • White House unveils guidelines for protecting critical systems against cyber attacks

    by Jon Fingas
    02.12.2014

    The US government clearly knows a thing or two about internet security when it deals with (and dishes out) cyber attacks on a regular basis, and it's now ready to share that wisdom with others. The White House has just announced the Cybersecurity Framework, a set of voluntary guidelines that organizations can use to fend off digital assaults on critical infrastructure, like power plants. The NIST-developed Framework tells newcomers where to begin, even if they're outside the US, and it can help experienced outfits educate their partners. American organizations that want further help can also sign up for a program that gets them in touch with federal agencies. The guidelines don't represent surefire protection, but they could reduce the chances that hackers will find gaping holes in the US' virtual defenses.

  • US officials accuse Iran hackers of breaking into Navy's computers

    by Mariella Moon
    09.28.2013

    Oh, how times have changed. Almost a year ago, Iranian officials claimed the country was suffering from constant internet-based attacks. Now, according to the WSJ, it's Iran -- or hackers working for the Iranian government -- that's allegedly behind a series of digital intrusions on the US Navy's unclassified computers. The report, which cites unnamed US officials, says the attacks these past few weeks targeted computers that the Navy's been using for email and intranet. Since no sensitive information was stolen, the US is reportedly more worried about the digital attacks' implications: Iran is gaining hacking proficiency, and fast. Supposedly, it's because Russian hackers have been extending their help -- true or not, it's clear that the US can no longer view Iran as a non-threat in the cyber arena. The Navy has already patched up its security system, but the US government is reportedly still waiting for what comes out of the US-Iran talks before deciding whether to take action.

  • Banks brace for cyberwarfare drill Quantum Dawn 2

    by Alexis Santos
    06.18.2013

    Come June 28th, Wall Street outfits including the likes of Citigroup and Bank of America will be under siege -- from fake hackers, that is. Representatives from a total of 40 companies along with the Federal Reserve, Securities and Exchange Commission, US departments of Treasury and Homeland Security will take part in Quantum Dawn 2: a simulated cyberattack on faux trading and information systems. Led by the Securities Industry and Financial Markets Association, the drill will test the ability of participants to cooperate via email and phone to suss out what's going on and hatch a plan. The exercise will momentarily pause so that those involved can decide on a course of action, and then it'll speed up and model the effects of the decision over a longer period of time. With the recent flurry of hacking incidents and international finger pointing, something tells us this won't be the last we hear of drills like Quantum Dawn. [Image credit: MoneyBlogNewz, Flickr]

  • Researchers develop algorithm to protect networks from cyber attacks

    by Melissa Grey
    05.14.2013

    Amidst increasing concern about cybersecurity, researchers at North Carolina State University have taken one step closer to guarding America's infrastructure from Cylon attack. Well, almost. Dr. Mo-Yuen Chow and Ph.D candidate Wente Zeng have developed an algorithm that detects cyber attacks aimed at distributed network control systems (D-NCSs), which differ from their more vulnerable counterparts in that they don't rely on a centralized brain to coordinate the network's activities. Essentially, then, D-NCSs are nervous systems comprised of several mini-brains working together. In the event of a cyber attack, the algorithm isolates the infected brain before the contamination can spread across the network's pathways. This software solution will be a good first line of defense when vengeful A.I. inevitably rises up in revolt. In the words of Admiral William Adama, so say we all.

  • Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare

    by Jon Fingas
    10.16.2012

    Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.

  • Iran claims to have been hit by 'heavy' cyber attack, pins slowdowns on coordinated hacking campaign

    by Jon Fingas
    10.04.2012

    Whatever you think of Iran's politics, it's hard to deny that the country has frequently been the target of internet-based attacks that sometimes go beyond the originator's plans. If you believe High Council of Cyberspace secretary Mehdi Akhavan Behabadi, the pressure is only getting worse. He tells Iranian media that the nation is under "constant" digital bombardment and was just hit with a major assault on Tuesday that bogged down local internet access. Behabadi unsurprisingly contends that the attacks are deliberate efforts to undermine Iran's data, nuclear and oil infrastructures, with a finger implicitly pointed westward. While it's no secret that the country's enemies want to slow down what they see as a rush towards nuclear weapons, it's difficult to know how much of the accusation is serious versus bluster: we've seen individual smartphone users who consume more than the "several gigabytes" of traffic that reportedly caused national chaos in the most recent incident. No matter the exact nature, it's likely that residents stand to lose as Iran fences off the internet to keep outside influences, hostile and otherwise, from getting in. [Image credit: Amir1140, Wikipedia]

  • Google starts warning affected users about state-sponsored cyber attacks

    by Jason Hidalgo
    06.05.2012

    The fallout from malware like Stuxnet and Flame might soon be rearing its head at a Google Plus page or Gmail inbox near you. A post on its online security blog states that Google will now issue warnings in the form of a strip placed just below the upper menu bar to users being targeted by suspected state-sponsored cyber attacks. Google stressed that such warnings don't mean that its systems have been compromised but it does make it highly likely that the recipient may be the target of state-sponsored phishing or malware. How exactly does Google know this to be the case? The company declined to offer specifics, only saying that data from victim reports and its own analysis strongly point toward the involvement of states or state-sponsored groups. Google also didn't mention how often it sees such malicious activity, though coverage of Stuxnet and Flame certainly has put a spotlight on cyber warfare involving nations. In the meantime, feel free to hit the source link below for Google's tips on how to secure your account.

  • U.S. Department of Defense preps cyber rules of engagement, plans to work more closely with ISPs

    by Sean Buckley
    03.22.2012

    The Pentagon left no room for argument last year when it declared cyber attacks a potential act of war. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," a military official reportedly remarked. Yikes. Before we start bombing chimneys, however, the Department of Defense plans to draft up some relevant guidelines, noting in a recent House Armed Services Committee hearing that it will be delivering a set of cyberspace-specific rules of engagement in the coming months. "We are working closely with the joint staff on the implementation of a transitional command and control model for cyberspace operations," said Madelyn Creedon, assistant secretary of defense for Global Strategic Affairs. In addition to setting ground rules for cyber-engagements, the DOD also plans to expand efforts to share classified information on possible threats with internet service providers and defense contractors.

  • US Cyber Command completes major cyber attack simulation, seems pleased with the results

    by Amar Toor
    12.02.2011

    The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.

  • Water pump reportedly destroyed by SCADA hackers

    by Sharif Sakr
    11.20.2011

    The FBI and DHS are investigating damage to a public water system in Springfield, Illinois, which may have been the target of a foreign cyber attack. There's no threat to public safety and criminal interference has not been officially confirmed, but a security researcher called Joe Weiss has reported evidence that hackers based in Russia are to blame. He claims they accessed the water plant's SCADA online control system and used it to repeatedly switch a pump on and off, eventually causing it to burn out. Coincidentally, a water treatment facility was publicly hacked at the Black Hat conference back in August, precisely to highlight this type of vulnerability. If there are any SCADA administrators out there who haven't already replaced their '1234' and 'admin' passwords, then they might consider this a reminder.

  • US government to beat back botnets with a cybersecurity code of conduct

    by Amar Toor
    09.23.2011

    Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting internet and IT companies to contribute their ideas to a voluntary "code of conduct" for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June "Green Paper" on cybersecurity, in which the Department of Commerce's Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it's giving special consideration to two models adopted overseas. Australia's iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan's Cyber Clean Center, which has installed so-called "honeypot" devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers' personal information, while others are openly wondering whether OS-makers should be involved, as well. The code's public comment period will end on November 4th, but you can find more information at the source link, below.

  • Pentagon says cyber attacks are acts of war: send us a worm, get a missile in return?

    by Michael Gorman
    05.31.2011

    Well, the Pentagon is finally fed up with hackers picking on its buddies and foreign intelligence taking shots at its computer systems, and has decided that such cyber attacks can constitute an act of war. Of course, the powers that be won't be bombing you for simply sending them some spyware, but attempts to sabotage US infrastructure (power grids, public transit, and the like) may be met with heavy artillery. It's unclear how our government will identify the origin of an attack or decide when it's serious enough to start shooting, but Uncle Sam is looking to its allies to help create a consensus answer for those questions. The retaliatory revelation is a part of the Pentagon's new cyber strategy that'll be made public in June -- so saboteurs beware, your next internet incursion might get you an ICBM in your backyard.

  • China Telecom re-routes 15% of the world's Internet traffic for a full 18 minutes, hopes no one noticed

    by Joseph L. Flatley
    11.17.2010

    On April 8 of this year there was an approximately eighteen minute long period of time where China Telecom advertised erroneous network traffic routes, causing foreign Internet traffic to travel through Chinese servers. According to a congressional panel, about fifteen percent of the world's Internet traffic was diverted -- including that of the US government and military, and a number of commercial websites. As always seems to be the case when we're talking about The People's Republic, there are few things that can be said for certain, while a ton of questions linger: was this really just a mistake, or was someone flexing their muscles? Could this have been a diversion "intended to conceal one targeted attack," as Arbor Networks Chief Security Officer Danny McPherson suggested? We don't know, but this is the country that brought us both iorgane and buses that drive over cars, so we suppose anything's possible.

  • Thumb drive-based malware attack led to formation of US Cyber Command

    by Joseph L. Flatley
    08.26.2010

    Recently declassified documents have revealed that the worst breach of U.S. military computers evar went down in 2008, a major turning point in our nation's cyberstrategy that eventually led to the formation of the United States Cyber Command. Operation Buckshot Yankee, as the defense came to be known, began when a USB thumb drive infected by a foreign intelligence agency was found in the parking lot of a Department of Defense facility in the Middle East. Whoever found the thing placed it in their laptop (probably hoping to find Justin Bieber MP3s), which just so happened to be attached to United States Central Command. From that point, writes Deputy Defense Secretary William J. Lynn in Foreign Affairs, malware spread "undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control." Yikes! We still haven't found out which country orchestrated the attack, or what they might have learned from it, so until the Pentagon tells us otherwise we're going to do what we usually do in these situations and blame Canada (sorry, Don). [Warning: read link requires subscription]

  • Director of National Intelligence says major cyber attack could wreak havoc on the U.S. of A.

    by Laura June Dziuban
    02.03.2010

    Director of National Intelligence Dennis Blair told the National Intelligence Committee that the United States is at risk of a "crippling" cyber-attack, and without the proper tools to defend against such an attack. Blair counseled the US to "deal with that reality," saying that catastrophic consequences would result if it did not deal with said reality. Specific problem areas he cited include the fact that more and more, foreign companies supply both the hardware and software for private businesses. Blair also noted the fact that the net has served as a breeding ground for "homegrown radicalism." You don't say? Hit the source link for fuller details of yesterday's proceedings.

  • Mysterious cyber-attacker hits at federal websites, crisis averted?

    by Laura June Dziuban
    07.08.2009

    It looks like a nefarious cyber-attack which affected several federal websites in the United States was a little more far-reaching than initially thought. The attack -- which started on the 4th of July -- targeted websites in both South Korea and the United States, including the Treasury Department, Federal Trade Commission and Secret Service. Various problems were still being reported days later, and while there's no official word on who the attackers were, those "people familiar with the matter" we know and love seem to be pointing their fingers at North Korea. So far as we know, no irreparable damage has been done, but we're not sure anyone would tell us if it had.